Journal of Platform Technology

ICT Platform Society (ICT플랫폼학회)
권호 표지

User Dynamic Access Control Mechanism Using Smart Contracts in Blockchain Environment

블록체인 환경에서 스마트 컨트랙트를 활용한 사용자 동적 접근제어 메커니즘

  • 조도은 (목원대학교 SW 교양학부)
  • Received : 2021.02.27
  • Accepted : 2021.03.18
  • Published : 2021.03.30
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, research has been actively conducted to utilize blockchain technology in various fields. In particular, blockchain-based smart contracts are applied to various automation systems that require reliability as they have the characteristics of recording data in a distributed ledger environment to verify the integrity and validity of data. However, blockchain does not provide data access control and information security because data is shared among network participants. In this paper, we propose a user dynamic access control mechanism utilizing smart contracts in blockchain environments. The proposed mechanism identifies the user's contextual information when accessing data, allocating the user's role and dynamically controlling the data access range. This can increase the security of the system and the efficiency of data management by granting data access dynamically at the time of user authentication, rather than providing the same services in roles assigned to each user group of the network system. The proposed mechanism is expected to provide flexible authentication capabilities through dynamic data access control by users to enhance the security of data stored within blockchain networks.

최근 블록체인 기술을 다양한 분야에 활용하기 위한 연구가 활발히 진행되고 있다. 특히 블록체인 기반의 스마트 컨트랙트는 분산 원장 환경에서 데이터를 기록하여 데이터의 무결성과 유효성이 검증되며, 미리 작성되어 등록된 코드에 의하여 설정된 조건이 충족되면 자동으로 이행되는 특징을 가지고 있어서 신뢰성을 요구하는 다양한 자동화 시스템에 적용되고 있다. 그러나 블록 체인에서는 네트워크 참여자들에게 데이터가 공유되기 때문에 데이터 접근 제어와 정보의 보안이 이루어지지 못하고 있다. 본 논문에서는 블록체인 환경에서 스마트 컨트랙트를 활용한 사용자 동적 접근 제어 메커니즘을 제안한다. 제안된 메커니즘은 사용자가 데이터 접근시 사용자의 상황정보를 판별하여 사용자의 역할을 할당하고 데이터 접근 범위를 동적으로 제어한다. 이는 네트워크 시스템의 사용자 그룹별로 할당된 역할로 동일한 서비스를 제공하기 보다는, 사용자 인증 시점에 동적으로 데이터 접근 권한을 부여함으로써 시스템의 보안성과 데이터 관리의 효율성을 증가시킬 수 있다. 제안된 메커니즘은 블록체인 네트워크 내에 저장된 데이터의 보안성을 강화하기 위해 사용자의 동적인 데이터 접근 제어를 통해 유연한 인증 기능을 제공할 수 있을 것으로 기대된다.

Keywords

References

  1. Gartner Identifies the Top 10 Strategic Technology Trends for 2018. https://www.gartner.com/newsroom/id/3812063
  2. Andres Guadamuz & Chris Marsden, Blockchanins and Bitcoin: Regulatory Responses to Cryptocurrencies, First Monday-Peer Reviewed Journal on The Internet, 20(12), 2015. https://firstmonday.org/article/view/6198/5163
  3. K. Christidis and M. Devetsikiotis, "Blockchains and smart contracts for the internet of things," IEEE Access, vol. 4, pp. 2292-2303, 2016. https://doi.org/10.1109/ACCESS.2016.2566339
  4. G. Sagirlar, B. Carminati, E. Ferrari, J. D. Sheehan, and E. Ragnoli, "Hybrid-iot: Hybrid blockchain architecture for internet of things-pow subblockchains," arXiv preprint arXiv:1804.03903, 2018.
  5. Y. J. Huh, "A IoT control system that provides Authentication, Non-repudiation and Integrity Using a blockchain," Graduate School of Electronic Engineering, Master dissertation. Sogang University, Seoul, 2017.
  6. S. H. Yang, "Proposal for Smart Contract method for domestic medical system based on the colored coin," Department of Convergence Service Security Engineering, Master dissertation. Soonchunhyang University, Asan, 2017.
  7. Financial Services Commission, Study on the introduction of the block chain technology financial sector. Corda platform. https://www.r3.com, 2016.
  8. YOSEMITE Public Blockchain, Technical White Paper (KOR version), 2018. 02
  9. Z. Zheng, S. Xie, H. N. Dai, and H. Wang, "Blockchain challenges and opportunities: A survey," Work Pap, 2016.
  10. Ik-Soon Kim, "Survey on Smart Contract Programming Languages," [ETRI] Electronics and Telecommunications Trends, 35(5), pp. 134-138, 2020.
  11. Seung-Hyun Kim, Soohyung Kim. "Analysis of Blockchain-based Access Control Technology," [ETRI] Electronics and Telecommunications Trends, pp. 117-128, 2019.
  12. Szabo, Nick, The idea of smart contracts. Nick Szabo's Papers and Concise Tutorials, 1997.
  13. Young-Hun Kim. (2019). "A Study on Smart Contract for Personal Information Protection," Journal of Digital Convergence, Vol. 17. No. 3, pp. 215-220, 2019. https://doi.org/10.14400/JDC.2019.17.3.215
  14. Sayeed, Sarwar & Marco-Gisbert, Hector & Caira, Tom. Smart Contract: Attacks and Protections. IEEE Access. pp. 1-1, 2020.
  15. http://wiki.hash.kr/index.php/%EC%8A%A4%EB%A7%88%ED%8A%B8_%EA%B3%84%EC%95%BD
  16. Sang-Soo Yeo, Si-Jung Kim, Do-Eun Cho, "Dynamic Access Control Model for Security Client Services in Smart Grid," International Journal of Distributed Sensor Networks, June 2014.
  17. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, "Computer role-based access control models," Computer, vol. 29, no. 2, pp. 38-47, 1996. https://doi.org/10.1109/2.485845
  18. G. Neumann and M. Strembeck, "An approach to engineer and enforce context constraints in an RBAC environment," in Proceedings of 8th ACM Symposium on Access Control Models and Technologies (SACMAT '03), pp. 65-79, Como, Italy, June, 2003.